commit | 133eae58e0e3ec4f7f3127f2c21fdf420128f151 | [log] [tgz] |
---|---|---|
author | Julie Qiu <julie@golang.org> | Wed Mar 08 18:32:42 2023 -0500 |
committer | Julie Qiu <julieqiu@google.com> | Thu Mar 09 00:59:58 2023 +0000 |
tree | d1e9ea456a19c0171df96bcc89c8fbd9656c6c1e | |
parent | c0f6c6836dbc3e62333cab281da7001c56461364 [diff] |
internal/govulncheck: return exit code 0 for -json mode when vulns are found When vulnerabilities are found, we return an exit code 3 if running in text mode, because we assume that users are checking for whether vulnerabilities exist in their code. Therefore, the presence of vulnerabilities should be a failure, regardless of what is in the output. This isn't the case for -json mode, since the presence of JSON data indicates success, so return an exit code of 0. This is consistent with a decision from CL 432236. Change-Id: Ie403ea79e40eb80bad590679a27ef9c3f5f8665a Reviewed-on: https://go-review.googlesource.com/c/vuln/+/474795 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Ian Cottrell <iancottrell@google.com> Run-TryBot: Julie Qiu <julieqiu@google.com>
This repository contains packages for accessing and analyzing data from the Go Vulnerability Database. It contains the following:
Check out https://go.dev/security/vuln for more information about the Go vulnerability management system.
The privacy policy for govulncheck
can be found at https://vuln.go.dev/privacy.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries available at https://vuln.go.dev are distributed under the terms of the CC-BY 4.0 license.